[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 25 21:10:37 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c841fb2 by security tracker role at 2022-10-25T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,47 @@
+CVE-2022-43746
+ RESERVED
+CVE-2022-43745
+ RESERVED
+CVE-2022-43744
+ RESERVED
+CVE-2022-43743
+ RESERVED
+CVE-2022-43742
+ RESERVED
+CVE-2022-43741
+ RESERVED
+CVE-2022-43740
+ RESERVED
+CVE-2022-43739
+ RESERVED
+CVE-2022-43738
+ RESERVED
+CVE-2022-43737
+ RESERVED
+CVE-2022-43736
+ RESERVED
+CVE-2022-43735
+ RESERVED
+CVE-2022-43734
+ RESERVED
+CVE-2022-43733
+ RESERVED
+CVE-2022-43732
+ RESERVED
+CVE-2022-43731
+ RESERVED
+CVE-2022-43730
+ RESERVED
+CVE-2022-43729
+ RESERVED
+CVE-2022-43728
+ RESERVED
+CVE-2022-43727
+ RESERVED
+CVE-2022-43726
+ RESERVED
+CVE-2022-43725
+ RESERVED
CVE-2022-43724
RESERVED
CVE-2022-43723
@@ -672,8 +716,8 @@ CVE-2022-3646 (A vulnerability, which was classified as problematic, has been fo
NOTE: https://git.kernel.org/linus/d0d51a97063db4704a5ef6bc978dddab1636a306 (6.1-rc1)
CVE-2022-3645
RESERVED
-CVE-2022-3644
- RESERVED
+CVE-2022-3644 (The collection remote for pulp_ansible stores tokens in plaintext inst ...)
+ TODO: check
CVE-2022-3643
RESERVED
CVE-2022-3642 (A vulnerability classified as problematic has been found in Linux Kern ...)
@@ -2304,8 +2348,7 @@ CVE-2022-42892
RESERVED
CVE-2022-42891
RESERVED
-CVE-2022-42890
- RESERVED
+CVE-2022-42890 (A vulnerability in Batik of Apache XML Graphics allows an attacker to ...)
- batik <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/3
NOTE: https://issues.apache.org/jira/browse/BATIK-1345
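Review bot: the new '- batik <unfixed>' line for CVE-2022-42890 carries no severity annotation, and the two NOTE lines record only the oss-security post and BATIK-1345, not an upstream fix; when the fixing commit or the fixed Batik release is known, add it as a NOTE in the 'commit (version)' form used by the other entries in this patch, and decide the stable-suite ('[bullseye]' style) annotations at the same time so the entry can be matched against an upload.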
@@ -3810,16 +3853,16 @@ CVE-2022-3397 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bou
NOT-FOR-US: OMRON CX-Programmer
CVE-2022-3396 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...)
NOT-FOR-US: OMRON CX-Programmer
-CVE-2022-3395
- RESERVED
-CVE-2022-3394
- RESERVED
-CVE-2022-3393
- RESERVED
-CVE-2022-3392
- RESERVED
-CVE-2022-3391
- RESERVED
+CVE-2022-3395 (The WP All Export Pro WordPress plugin before 1.7.9 uses the contents ...)
+ TODO: check
+CVE-2022-3394 (The WP All Export Pro WordPress plugin before 1.7.9 does not limit som ...)
+ TODO: check
+CVE-2022-3393 (The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not ...)
+ TODO: check
+CVE-2022-3392 (The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and ...)
+ TODO: check
+CVE-2022-3391 (The Retain Live Chat WordPress plugin through 0.1 does not sanitise an ...)
+ TODO: check
CVE-2022-42251
RESERVED
CVE-2022-42250 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...)
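Review bot: the five new WordPress plugin entries (CVE-2022-3391 through CVE-2022-3395) are left at 'TODO: check', while comparable plugin CVEs elsewhere in this patch (CVE-2022-3098, CVE-2022-2763) are triaged as 'NOT-FOR-US: WordPress plugin'; unless one of these plugins is actually packaged, the same annotation should replace the TODO lines so the triage queue is not filled with entries that need no further work.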
@@ -5054,8 +5097,7 @@ CVE-2022-41706
RESERVED
CVE-2022-41705
RESERVED
-CVE-2022-41704
- RESERVED
+CVE-2022-41704 (A vulnerability in Batik of Apache XML Graphics allows an attacker to ...)
- batik <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/2
NOTE: https://issues.apache.org/jira/browse/BATIK-1338
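Review bot: the description of CVE-2022-41704 is identical to that of CVE-2022-42890 up to the truncation point, so the only thing separating the two entries is the NOTE lines (oss-security 2022/10/25/2 with BATIK-1338 here, 2022/10/25/3 with BATIK-1345 in the earlier hunk); both are '- batik <unfixed>', so a single batik upload will have to reference both CVE ids, and a short NOTE on each naming the distinct issue it covers would make that easier to get right.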
@@ -5104,8 +5146,8 @@ CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614. ..
NOTE: https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 (v9.0.0614)
CVE-2022-3351 (An issue has been discovered in GitLab EE affecting all versions start ...)
- gitlab <not-affected> (Only affects Gitlab EE)
-CVE-2022-3350
- RESERVED
+CVE-2022-3350 (The Contact Bank WordPress plugin through 3.0.30 does not sanitise and ...)
+ TODO: check
CVE-2022-3349 (A vulnerability was found in Sony PS4 and PS5. It has been classified ...)
NOT-FOR-US: Sony
CVE-2022-3348 (Just like in the previous report, an attacker could steal the account ...)
@@ -5334,8 +5376,7 @@ CVE-2022-3346
RESERVED
CVE-2022-3345
RESERVED
-CVE-2022-3344
- RESERVED
+CVE-2022-3344 (A flaw was found in the KVM's AMD nested virtualization (SVM). A malic ...)
- linux <unfixed>
NOTE: https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk@redhat.com/T/
CVE-2022-3343
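Review bot: the NOTE for CVE-2022-3344 points at the patch series on lore.kernel.org rather than at a merged commit, and the '- linux <unfixed>' line has no severity annotation; when the fix lands, the NOTE should be switched to the 'https://git.kernel.org/linus/<commit> (version)' form used by the other kernel entries in this file (for example CVE-2022-3646 and CVE-2022-3303), and a severity tag added, since without a fixed upstream version the entry cannot be matched against a kernel upload.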
@@ -5354,8 +5395,8 @@ CVE-2022-3337
RESERVED
CVE-2022-3336
RESERVED
-CVE-2022-3335
- RESERVED
+CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 u ...)
+ TODO: check
CVE-2022-3334
RESERVED
CVE-2022-3333 (A vulnerability, which was classified as problematic, was found in Zep ...)
@@ -5534,12 +5575,12 @@ CVE-2022-3303 (A race condition flaw was found in the Linux kernel sound subsyst
{DSA-5257-1}
- linux 5.19.11-1
NOTE: https://git.kernel.org/linus/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d (6.0-rc5)
-CVE-2022-3302
- RESERVED
+CVE-2022-3302 (The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin ...)
+ TODO: check
CVE-2022-3301 (Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdif ...)
- rdiffweb <itp> (bug #969974)
-CVE-2022-3300
- RESERVED
+CVE-2022-3300 (The Form Maker by 10Web WordPress plugin before 1.15.6 does not proper ...)
+ TODO: check
CVE-2022-41553
RESERVED
CVE-2022-41552
@@ -6555,10 +6596,10 @@ CVE-2022-3249
RESERVED
CVE-2022-3248
RESERVED
-CVE-2022-3247
- RESERVED
-CVE-2022-3246
- RESERVED
+CVE-2022-3247 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...)
+ TODO: check
+CVE-2022-3246 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...)
+ TODO: check
CVE-2022-3245 (HTML injection attack is closely related to Cross-site Scripting (XSS) ...)
NOT-FOR-US: microweber
CVE-2022-3244 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does n ...)
@@ -9625,10 +9666,10 @@ CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks
NOT-FOR-US: Cotonti Siena
CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file ...)
NOT-FOR-US: Systematic FIX Adapter (ALFAFX)
-CVE-2022-39837
- RESERVED
-CVE-2022-39836
- RESERVED
+CVE-2022-39837 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
+ TODO: check
+CVE-2022-39836 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
+ TODO: check
CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerability allo ...)
- gajim 1.5.0-1
[bullseye] - gajim <no-dsa> (Minor issue)
@@ -10669,36 +10710,36 @@ CVE-2022-39356
RESERVED
CVE-2022-39355
RESERVED
-CVE-2022-39354
- RESERVED
+CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum Virtu ...)
+ TODO: check
CVE-2022-39353
RESERVED
CVE-2022-39352
RESERVED
-CVE-2022-39351
- RESERVED
-CVE-2022-39350
- RESERVED
-CVE-2022-39349
- RESERVED
+CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows organiza ...)
+ TODO: check
+CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...)
+ TODO: check
+CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do lists and re ...)
+ TODO: check
CVE-2022-39348
RESERVED
CVE-2022-39347
RESERVED
CVE-2022-39346
RESERVED
-CVE-2022-39345
- RESERVED
+CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue and gin, w ...)
+ TODO: check
CVE-2022-39344
RESERVED
CVE-2022-39343
RESERVED
-CVE-2022-39342
- RESERVED
-CVE-2022-39341
- RESERVED
-CVE-2022-39340
- RESERVED
+CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior to versi ...)
+ TODO: check
+CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior to versi ...)
+ TODO: check
+CVE-2022-39340 (OpenFGA is an authorization/permission engine. Prior to version 0.2.4, ...)
+ TODO: check
CVE-2022-39339
RESERVED
CVE-2022-39338
@@ -10723,20 +10764,20 @@ CVE-2022-39329
RESERVED
CVE-2022-39328
RESERVED
-CVE-2022-39327
- RESERVED
-CVE-2022-39326
- RESERVED
+CVE-2022-39327 (Azure CLI is the command-line interface for Microsoft Azure. In versio ...)
+ TODO: check
+CVE-2022-39326 (kartverket/github-workflows are shared reusable workflows for GitHub A ...)
+ TODO: check
CVE-2022-39325
RESERVED
CVE-2022-39324
RESERVED
CVE-2022-39323
RESERVED
-CVE-2022-39322
- RESERVED
-CVE-2022-39321
- RESERVED
+CVE-2022-39322 (@keystone-6/core is a core package for Keystone 6, a content managemen ...)
+ TODO: check
+CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a GitHub ...)
+ TODO: check
CVE-2022-39320
RESERVED
CVE-2022-39319
@@ -10747,14 +10788,14 @@ CVE-2022-39317
RESERVED
CVE-2022-39316
RESERVED
-CVE-2022-39315
- RESERVED
+CVE-2022-39315 (Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6 ...)
+ TODO: check
CVE-2022-39314 (Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5 ...)
NOT-FOR-US: Kirby CMS
CVE-2022-39313 (Parse Server is an open source backend that can be deployed to any inf ...)
TODO: check
-CVE-2022-39312
- RESERVED
+CVE-2022-39312 (Dataease is an open source data visualization analysis tool. Dataease ...)
+ TODO: check
CVE-2022-39311 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
NOT-FOR-US: GoCD
CVE-2022-39310 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...)
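Review bot: CVE-2022-39315 stays at 'TODO: check' although the very next context line triages the sibling Kirby issue CVE-2022-39314 as 'NOT-FOR-US: Kirby CMS'; unless Kirby has been packaged since, the new entry should receive the same annotation instead of a TODO.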
@@ -11072,8 +11113,8 @@ CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. ..
NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360)
CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-3097
- RESERVED
+CVE-2022-3097 (The LBStopAttack WordPress plugin through 1.1.2 does not use nonces wh ...)
+ TODO: check
CVE-2022-3096
RESERVED
CVE-2022-3095
@@ -11952,8 +11993,8 @@ CVE-2022-38872
RESERVED
CVE-2022-38871
RESERVED
-CVE-2022-38870
- RESERVED
+CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure. ...)
+ TODO: check
CVE-2022-38869
RESERVED
CVE-2022-38868
@@ -12942,8 +12983,8 @@ CVE-2022-38582
RESERVED
CVE-2022-38581
RESERVED
-CVE-2022-38580
- RESERVED
+CVE-2022-38580 (Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery ...)
+ TODO: check
CVE-2022-38579
RESERVED
CVE-2022-38578
@@ -13343,10 +13384,10 @@ CVE-2022-38438 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affe
NOT-FOR-US: Adobe
CVE-2022-38437 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
NOT-FOR-US: Adobe
-CVE-2022-38436
- RESERVED
-CVE-2022-38435
- RESERVED
+CVE-2022-38436 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
+ TODO: check
+CVE-2022-38435 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
+ TODO: check
CVE-2022-38434 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
NOT-FOR-US: Adobe
CVE-2022-38433 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
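Review bot: the two Adobe Illustrator entries (CVE-2022-38435, CVE-2022-38436) are marked 'TODO: check', while every surrounding Adobe entry in this hunk (CVE-2022-38438, CVE-2022-38437, CVE-2022-38434, CVE-2022-38433) is 'NOT-FOR-US: Adobe'; proprietary Adobe products are not in the archive, so the same annotation applies here and the TODO lines can be replaced directly.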
@@ -14154,18 +14195,18 @@ CVE-2022-38202
RESERVED
CVE-2022-38201
RESERVED
-CVE-2022-38200
- RESERVED
-CVE-2022-38199
- RESERVED
-CVE-2022-38198
- RESERVED
-CVE-2022-38197
- RESERVED
-CVE-2022-38196
- RESERVED
-CVE-2022-38195
- RESERVED
+CVE-2022-38200 (A cross site scripting vulnerability exists in some map service config ...)
+ TODO: check
+CVE-2022-38199 (A remote file download issue can occur in some capabilities of Esri Ar ...)
+ TODO: check
+CVE-2022-38198 (There is a reflected cross site scripting issue in the Esri ArcGIS Ser ...)
+ TODO: check
+CVE-2022-38197 (Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redir ...)
+ TODO: check
+CVE-2022-38196 (Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vul ...)
+ TODO: check
+CVE-2022-38195 (There is as reflected cross site scripting issue in Esri ArcGIS Server ...)
+ TODO: check
CVE-2022-38194 (In Esri Portal for ArcGIS versions 10.8.1, a system property is not pr ...)
NOT-FOR-US: Esri Portal for ArcGIS
CVE-2022-38193 (There is a code injection vulnerability in Esri Portal for ArcGIS vers ...)
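Review bot: the six Esri ArcGIS Server entries (CVE-2022-38195 through CVE-2022-38200) are all 'TODO: check', but the context lines immediately after them already carry 'NOT-FOR-US: Esri Portal for ArcGIS' for CVE-2022-38194; ArcGIS Server is equally a proprietary product, so a 'NOT-FOR-US: Esri ArcGIS Server' line is the expected triage for the whole group.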
@@ -14192,8 +14233,8 @@ CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existin
- gitea <removed>
CVE-2022-38182
RESERVED
-CVE-2022-38181
- RESERVED
+CVE-2022-38181 (An Arm product family through 2022-08-12 mail GPU kernel driver allows ...)
+ TODO: check
CVE-2022-2809
RESERVED
CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication provider could ...)
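Review bot: the description of CVE-2022-38181 reads 'mail GPU kernel driver', which is almost certainly the upstream text's typo for the Arm Mali GPU driver (compare the wording of CVE-2022-36449 later in this patch); the text is quoted from the CVE feed and should stay as it is, but whoever resolves the 'TODO: check' should triage it alongside the other Mali driver entries rather than looking for a product called 'mail'.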
@@ -14332,8 +14373,8 @@ CVE-2022-2764 (A flaw was found in Undertow. Denial of service can be achieved a
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2117506
CVE-2022-2763 (The WP Socializer WordPress plugin before 7.3 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
-CVE-2022-2762
- RESERVED
+CVE-2022-2762 (The AdminPad WordPress plugin before 2.2 does not have CSRF check when ...)
+ TODO: check
CVE-2022-2761
RESERVED
CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal the Sp ...)
@@ -14352,8 +14393,8 @@ CVE-2022-38164
RESERVED
CVE-2022-38163
RESERVED
-CVE-2022-38162
- RESERVED
+CVE-2022-38162 (Reflected cross-site scripting (XSS) vulnerabilities in WithSecure thr ...)
+ TODO: check
CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on ...)
NOT-FOR-US: Gumstix Overo SBC
CVE-2022-38160
@@ -17842,8 +17883,8 @@ CVE-2022-36785
RESERVED
CVE-2022-36784
RESERVED
-CVE-2022-36783
- RESERVED
+CVE-2022-36783 (AlgoSec FireFlow Reflected Cross-Site-Scripting (RXSS): A malicious us ...)
+ TODO: check
CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerabi ...)
NOT-FOR-US: Pal Electronics Systems
CVE-2022-36781 (WiseConnect - ScreenConnect Session Code Bypass. An attacker would hav ...)
@@ -18527,14 +18568,14 @@ CVE-2022-36456 (TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain
NOT-FOR-US: TOTOLINK
CVE-2022-36455 (TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a co ...)
NOT-FOR-US: TOTOLINK
-CVE-2022-36454
- RESERVED
-CVE-2022-36453
- RESERVED
-CVE-2022-36452
- RESERVED
-CVE-2022-36451
- RESERVED
+CVE-2022-36454 (A vulnerability in the MiCollab Client API of Mitel MiCollab through 9 ...)
+ TODO: check
+CVE-2022-36453 (A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 thr ...)
+ TODO: check
+CVE-2022-36452 (A vulnerability in the web conferencing component of Mitel MiCollab th ...)
+ TODO: check
+CVE-2022-36451 (A vulnerability in the MiCollab Client server component of Mitel MiCol ...)
+ TODO: check
CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-ad ...)
NOT-FOR-US: Obsidian
CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
@@ -20114,34 +20155,34 @@ CVE-2022-35889
RESERVED
CVE-2022-35888 (Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow att ...)
NOT-FOR-US: Ampere Altra and Ampere Altra Max devices
-CVE-2022-35887
- RESERVED
-CVE-2022-35886
- RESERVED
-CVE-2022-35885
- RESERVED
-CVE-2022-35884
- RESERVED
-CVE-2022-35881
- RESERVED
-CVE-2022-35880
- RESERVED
-CVE-2022-35879
- RESERVED
-CVE-2022-35878
- RESERVED
-CVE-2022-33938
- RESERVED
-CVE-2022-35877
- RESERVED
-CVE-2022-35876
- RESERVED
-CVE-2022-35875
- RESERVED
-CVE-2022-35874
- RESERVED
-CVE-2022-35244
- RESERVED
+CVE-2022-35887 (Four format string injection vulnerabilities exist in the web interfac ...)
+ TODO: check
+CVE-2022-35886 (Four format string injection vulnerabilities exist in the web interfac ...)
+ TODO: check
+CVE-2022-35885 (Four format string injection vulnerabilities exist in the web interfac ...)
+ TODO: check
+CVE-2022-35884 (Four format string injection vulnerabilities exist in the web interfac ...)
+ TODO: check
+CVE-2022-35881 (Four format string injection vulnerabilities exist in the UPnP logging ...)
+ TODO: check
+CVE-2022-35880 (Four format string injection vulnerabilities exist in the UPnP logging ...)
+ TODO: check
+CVE-2022-35879 (Four format string injection vulnerabilities exist in the UPnP logging ...)
+ TODO: check
+CVE-2022-35878 (Four format string injection vulnerabilities exist in the UPnP logging ...)
+ TODO: check
+CVE-2022-33938 (A format string injection vulnerability exists in the ghome_process_co ...)
+ TODO: check
+CVE-2022-35877 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
+ TODO: check
+CVE-2022-35876 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
+ TODO: check
+CVE-2022-35875 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
+ TODO: check
+CVE-2022-35874 (Four format string injection vulnerabilities exist in the XCMD testWif ...)
+ TODO: check
+CVE-2022-35244 (A format string injection vulnerability exists in the XCMD getVarHA fu ...)
+ TODO: check
CVE-2022-2446
RESERVED
CVE-2022-2445
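Review bot: the fourteen new entries from CVE-2022-35887 down to CVE-2022-35244 share three near-identical descriptions (web interface, UPnP logging, XCMD testWifi) and clearly come from one coordinated advisory about a single device; rather than fourteen separate 'TODO: check' lines, they should be triaged together, and once the product is identified all of them can be annotated in one pass, either with 'NOT-FOR-US' and the product name or with a package line.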
@@ -20524,8 +20565,8 @@ CVE-2022-2396 (A vulnerability classified as problematic was found in SourceCode
NOT-FOR-US: Simple e-Learning System
CVE-2022-35740
RESERVED
-CVE-2022-35739
- RESERVED
+CVE-2022-35739 (PRTG Network Monitor through 22.2.77.2204 does not prevent custom inpu ...)
+ TODO: check
CVE-2022-35738
RESERVED
CVE-2022-35737 (SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-b ...)
@@ -21728,16 +21769,16 @@ CVE-2022-35279
RESERVED
CVE-2022-35278 (In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show mal ...)
NOT-FOR-US: Apache ActiveMQ Artemis
-CVE-2022-34850
- RESERVED
-CVE-2022-34845
- RESERVED
+CVE-2022-34850 (An OS command injection vulnerability exists in the web_server /action ...)
+ TODO: check
+CVE-2022-34845 (A firmware update vulnerability exists in the sysupgrade functionality ...)
+ TODO: check
CVE-2022-33975
RESERVED
-CVE-2022-33897
- RESERVED
-CVE-2022-33150
- RESERVED
+CVE-2022-33897 (A directory traversal vulnerability exists in the web_server /ajax/rem ...)
+ TODO: check
+CVE-2022-33150 (An OS command injection vulnerability exists in the js_package install ...)
+ TODO: check
CVE-2022-2339 (With this SSRF vulnerability, an attacker can reach internal addresses ...)
NOT-FOR-US: nocodb
CVE-2022-2338 (Softing Secure Integration Server V1.22 is vulnerable to authenticatio ...)
@@ -21754,28 +21795,28 @@ CVE-2022-2333 (If an attacker manages to trick a valid user into loading a malic
NOT-FOR-US: Honeywell
CVE-2022-2332 (A local unprivileged attacker may escalate to administrator privileges ...)
NOT-FOR-US: Honeywell
-CVE-2022-35271
- RESERVED
-CVE-2022-35270
- RESERVED
-CVE-2022-35269
- RESERVED
-CVE-2022-35268
- RESERVED
-CVE-2022-35267
- RESERVED
-CVE-2022-35266
- RESERVED
-CVE-2022-35265
- RESERVED
-CVE-2022-35264
- RESERVED
-CVE-2022-35263
- RESERVED
-CVE-2022-35262
- RESERVED
-CVE-2022-35261
- RESERVED
+CVE-2022-35271 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
+CVE-2022-35270 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
+CVE-2022-35269 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
+CVE-2022-35268 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
+CVE-2022-35267 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
+CVE-2022-35266 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
+CVE-2022-35265 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
+CVE-2022-35264 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
+CVE-2022-35263 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
+CVE-2022-35262 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
+CVE-2022-35261 (A denial of service vulnerability exists in the web_server hashFirst f ...)
+ TODO: check
CVE-2022-35260
RESERVED
CVE-2022-35259
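Review bot: the eleven entries CVE-2022-35261 through CVE-2022-35271 carry the same truncated description ('A denial of service vulnerability exists in the web_server hashFirst f ...') and the same 'TODO: check' line, and the hunk just before them (CVE-2022-34850, CVE-2022-34845, CVE-2022-33897, CVE-2022-33150) names the same web_server component; these belong to one product advisory and should be resolved as a batch, with a NOTE on the first of them pointing at the advisory so the remaining entries can refer to it.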
@@ -21824,8 +21865,8 @@ CVE-2022-35246 (A NoSQL-Injection information disclosure vulnerability vulnerabi
NOT-FOR-US: Rocket.Chat
CVE-2022-34866 (Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box ve ...)
NOT-FOR-US: Passage Drive
-CVE-2022-32765
- RESERVED
+CVE-2022-32765 (An OS command injection vulnerability exists in the sysupgrade command ...)
+ TODO: check
CVE-2022-2331
RESERVED
CVE-2022-2330 (Improper Restriction of XML External Entity Reference vulnerability in ...)
@@ -22117,8 +22158,8 @@ CVE-2022-35133 (A cross-site scripting (XSS) vulnerability in CherryTree v0.99.3
NOTE: https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1202513
NOTE: https://github.com/giuspen/cherrytree/issues/2099
-CVE-2022-35132
- RESERVED
+CVE-2022-35132 (Usermin through 1.850 allows a remote authenticated user to execute OS ...)
+ TODO: check
CVE-2022-35131 (Joplin v2.8.8 allows attackers to execute arbitrary commands via a cra ...)
NOT-FOR-US: Joplin
CVE-2022-35130
@@ -22976,8 +23017,7 @@ CVE-2022-34872 (This vulnerability allows remote attackers to disclose sensitive
- centreon-web <itp> (bug #913903)
CVE-2022-34871 (This vulnerability allows remote attackers to escalate privileges on a ...)
- centreon-web <itp> (bug #913903)
-CVE-2022-34870
- RESERVED
+CVE-2022-34870 (Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scri ...)
NOT-FOR-US: Apache Geode
CVE-2022-34858 (Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for ...)
NOT-FOR-US: WordPress plugin
@@ -26161,8 +26201,8 @@ CVE-2022-2089 (The Bold Page Builder WordPress plugin before 4.3.3 does not sani
NOT-FOR-US: WordPress plugin
CVE-2022-33758
RESERVED
-CVE-2022-33757
- RESERVED
+CVE-2022-33757 (An authenticated attacker could read Nessus Debug Log file attachments ...)
+ TODO: check
CVE-2022-33756 (CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulner ...)
NOT-FOR-US: CA Automic Automation
CVE-2022-33755 (CA Automic Automation 12.2 and 12.3 contain an insecure input handling ...)
@@ -27336,46 +27376,46 @@ CVE-2022-2078 (A vulnerability was found in the Linux kernel's nft_set_desc_conc
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2096178
NOTE: https://www.openwall.com/lists/oss-security/2022/06/02/1
NOTE: https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 (5.19-rc1)
-CVE-2022-33207
- RESERVED
-CVE-2022-33206
- RESERVED
-CVE-2022-33205
- RESERVED
-CVE-2022-33204
- RESERVED
-CVE-2022-33195
- RESERVED
-CVE-2022-33194
- RESERVED
-CVE-2022-33193
- RESERVED
-CVE-2022-33192
- RESERVED
-CVE-2022-33189
- RESERVED
-CVE-2022-32775
- RESERVED
-CVE-2022-32773
- RESERVED
-CVE-2022-32586
- RESERVED
-CVE-2022-32574
- RESERVED
-CVE-2022-32454
- RESERVED
-CVE-2022-30603
- RESERVED
-CVE-2022-30541
- RESERVED
-CVE-2022-29889
- RESERVED
-CVE-2022-29520
- RESERVED
-CVE-2022-29472
- RESERVED
-CVE-2022-27804
- RESERVED
+CVE-2022-33207 (Four OS command injection vulnerabilities exists in the web interface ...)
+ TODO: check
+CVE-2022-33206 (Four OS command injection vulnerabilities exists in the web interface ...)
+ TODO: check
+CVE-2022-33205 (Four OS command injection vulnerabilities exists in the web interface ...)
+ TODO: check
+CVE-2022-33204 (Four OS command injection vulnerabilities exists in the web interface ...)
+ TODO: check
+CVE-2022-33195 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...)
+ TODO: check
+CVE-2022-33194 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...)
+ TODO: check
+CVE-2022-33193 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...)
+ TODO: check
+CVE-2022-33192 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...)
+ TODO: check
+CVE-2022-33189 (An OS command injection vulnerability exists in the XCMD setAlexa func ...)
+ TODO: check
+CVE-2022-32775 (An integer overflow vulnerability exists in the web interface /action/ ...)
+ TODO: check
+CVE-2022-32773 (An OS command injection vulnerability exists in the XCMD doDebug funct ...)
+ TODO: check
+CVE-2022-32586 (An OS command injection vulnerability exists in the web interface /act ...)
+ TODO: check
+CVE-2022-32574 (A double-free vulnerability exists in the web interface /action/ipcamS ...)
+ TODO: check
+CVE-2022-32454 (A stack-based buffer overflow vulnerability exists in the XCMD setIPCa ...)
+ TODO: check
+CVE-2022-30603 (An OS command injection vulnerability exists in the web interface /act ...)
+ TODO: check
+CVE-2022-30541 (An OS command injection vulnerability exists in the XCMD setUPnP funct ...)
+ TODO: check
+CVE-2022-29889 (A hard-coded password vulnerability exists in the telnet functionality ...)
+ TODO: check
+CVE-2022-29520 (An OS command injection vulnerability exists in the console_main_loop ...)
+ TODO: check
+CVE-2022-29472 (An OS command injection vulnerability exists in the web interface util ...)
+ TODO: check
+CVE-2022-27804 (An os command injection vulnerability exists in the web interface util ...)
+ TODO: check
CVE-2022-2077
REJECTED
CVE-2022-2076
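Review bot: the twenty entries from CVE-2022-33207 down to CVE-2022-27804 reference the same web interface, XCMD functions and telnet/console paths as the CVE-2022-35887..CVE-2022-35244 format string block and the web_server hashFirst block earlier in this patch, and the later entries CVE-2022-32760, CVE-2022-29477, CVE-2022-29475 and CVE-2022-27805 continue the same set; they should be triaged as one product, so that a single 'NOT-FOR-US' or package annotation can replace all of these TODO lines at once instead of being decided entry by entry.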
@@ -27814,8 +27854,8 @@ CVE-2022-32986
RESERVED
CVE-2022-32761 (An information disclosure vulnerability exists in the aVideoEncoderRec ...)
NOT-FOR-US: WWBN AVideo
-CVE-2022-32760
- RESERVED
+CVE-2022-32760 (A denial of service vulnerability exists in the XCMD doDebug functiona ...)
+ TODO: check
CVE-2022-32572 (An os command injection vulnerability exists in the aVideoEncoder wget ...)
NOT-FOR-US: WWBN AVideo
CVE-2022-32282 (An improper password check exists in the login functionality of WWBN A ...)
@@ -27824,14 +27864,14 @@ CVE-2022-30547 (A directory traversal vulnerability exists in the unzipDirectory
NOT-FOR-US: WWBN AVideo
CVE-2022-30534 (An OS command injection vulnerability exists in the aVideoEncoder chun ...)
NOT-FOR-US: WWBN AVideo
-CVE-2022-29477
- RESERVED
-CVE-2022-29475
- RESERVED
+CVE-2022-29477 (An authentication bypass vulnerability exists in the web interface /ac ...)
+ TODO: check
+CVE-2022-29475 (An information disclosure vulnerability exists in the XFINDER function ...)
+ TODO: check
CVE-2022-28710 (An information disclosure vulnerability exists in the chunkFile functi ...)
NOT-FOR-US: WWBN AVideo
-CVE-2022-27805
- RESERVED
+CVE-2022-27805 (An authentication bypass vulnerability exists in the GHOME control fun ...)
+ TODO: check
CVE-2022-2072 (The Name Directory WordPress plugin before 1.25.3 does not sanitise an ...)
NOT-FOR-US: WordPress plugin
CVE-2022-2071 (The Name Directory WordPress plugin before 1.25.4 does not have CSRF c ...)
@@ -32307,8 +32347,8 @@ CVE-2022-31470 (An XSS vulnerability in the index_mobile_changepass.hsp reset-pa
NOT-FOR-US: Axigen Mobile WebMail
CVE-2022-31469
RESERVED
-CVE-2022-31468
- RESERVED
+CVE-2022-31468 (OX App Suite through 8.2 allows XSS via an attachment or OX Drive cont ...)
+ TODO: check
CVE-2022-31467 (A DLL hijacking vulnerability in the installed for Quick Heal Total Se ...)
NOT-FOR-US: Quick Heal Total Security
CVE-2022-31466 (Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total ...)
@@ -37050,8 +37090,8 @@ CVE-2022-29853
RESERVED
CVE-2022-29852
RESERVED
-CVE-2022-29851
- RESERVED
+CVE-2022-29851 (documentconverter in OX App Suite through 7.10.6, in a non-default con ...)
+ TODO: check
CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow an attacker who has ...)
NOT-FOR-US: Lexmark
CVE-2022-29849 (In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SU ...)
@@ -42877,10 +42917,10 @@ CVE-2022-27915
RESERVED
CVE-2022-27914
RESERVED
-CVE-2022-27913
- RESERVED
-CVE-2022-27912
- RESERVED
+CVE-2022-27913 (An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate fil ...)
+ TODO: check
+CVE-2022-27912 (An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with pub ...)
+ TODO: check
CVE-2022-27911 (An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosur ...)
NOT-FOR-US: Joomla!
CVE-2022-27910 (In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most vers ...)
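Review bot: CVE-2022-27912 and CVE-2022-27913 are left at 'TODO: check' although the next context line triages CVE-2022-27911, from the same Joomla! 4.2.x series, as 'NOT-FOR-US: Joomla!'; Joomla! is not packaged, so the same annotation applies to both new entries.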
@@ -43706,10 +43746,10 @@ CVE-2022-27625 (A vulnerability regarding improper restriction of operations wit
NOT-FOR-US: Synology
CVE-2022-27624 (A vulnerability regarding improper restriction of operations within th ...)
NOT-FOR-US: Synology
-CVE-2022-27623
- RESERVED
-CVE-2022-27622
- RESERVED
+CVE-2022-27623 (Missing authentication for critical function vulnerability in iSCSI ma ...)
+ TODO: check
+CVE-2022-27622 (Server-Side Request Forgery (SSRF) vulnerability in Package Center fun ...)
+ TODO: check
CVE-2022-27621 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
NOT-FOR-US: Synology DiskStation Manager
CVE-2022-27620 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
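Review bot: CVE-2022-27622 and CVE-2022-27623 (Synology Package Center and iSCSI manager) are 'TODO: check' while all four surrounding Synology entries in this hunk are 'NOT-FOR-US: Synology' or 'NOT-FOR-US: Synology DiskStation Manager'; firmware-only Synology issues belong with those, so the TODO lines should be replaced with the matching NOT-FOR-US annotation.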
@@ -49606,7 +49646,7 @@ CVE-2022-25523 (TypesetterCMS v5.1 was discovered to contain a Cross-Site Reques
NOT-FOR-US: TypesetterCMS
CVE-2022-25522
RESERVED
-CVE-2022-25521 (UNNO v03.11.00 was discovered to contain access control issue. ...)
+CVE-2022-25521 (NUUO v03.11.00 was discovered to contain access control issue. ...)
NOT-FOR-US: UNNO
CVE-2022-25520
RESERVED
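Review bot: the description of CVE-2022-25521 is corrected from 'UNNO' to 'NUUO', but the unchanged context line below it still reads 'NOT-FOR-US: UNNO'; the annotation should be updated to 'NOT-FOR-US: NUUO' in the same change, otherwise the tracker keeps the misspelled vendor name and a search for NUUO will not find the entry.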
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c841fb271a9de82b65fd2f771a0e01bb3d645bd